Summary

By creating a software security meta-process, we are developing the
tools that software developers need to continuously improve their
development processes, in order to prevent vulnerabilities from being
introduced into the software they develop. Our approach differs from
conventional approaches in that we do not prescribe a set of
practices. Instead, our approach helps each user determine which
practices they need.

Publications

Shanai Ardi, Nahid Shahmehri. Integrating a security plug-in with
the OpenUP/Basic development process. In the proceedings of the
Third International Conference on Availability, Reliability and
Security, ARES 2008 (IEEE Computer Society ed.), pages 284-291,
Barcelona, Spain, March 2008.

David Byers, Nahid Shahmehri. Design of a Process for Software
Security. In the proceedings of the Second International Conference
on Availability, Reliability and Security, ARES 2007. Vienna, 2007.
IEEE CS.

David Byers, Shanai Ardi, Nahid Shahmehri, and Claudiu Duma.
Modeling Software Vulnerabilities With Vulnerability Cause Graphs.
In the proceedings of the International Conference on Software Maintenance
(ICSM 2006), September 24-27, 2006, Philadelphia, Pennsylvania.

Shanai Ardi, David Byers, and Nahid Shahmehri.
Towards a Structured Unified Process for Software Security.
In the proceedings of the Software
Engineering for Secure Systems Workshop (SESS), held in
conjunction with the 28th International Conference on Software
Engineering (ICSE 2006), May 20-28, 2006, Shanghai, China.